sdm660-common: sepolicy: Label more sepolicies for k4.19

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
Kunmun 2021-11-30 21:14:50 +08:00 committed by pix106
parent 9730b3c65c
commit 10087c76b8
27 changed files with 57 additions and 1 deletions


@ -0,0 +1,2 @@
allow mediaprovider_app rootfs:dir { read };
allow mediaprovider_app rootfs:file { getattr };
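Review bot: `allow mediaprovider_app rootfs:dir { read }` lets the media provider list any directory carrying the generic rootfs label, which on a system-as-root device includes the root directory itself; the denial this answers names a concrete path, and the better fix is a file_contexts entry giving that path its own type rather than widening access to rootfs for an app domain. If the listing really is needed, record the path so the rule can be tightened later: `# TODO: <path from avc denial> — relabel instead of granting rootfs`. The file this hunk belongs to is not named on the page, so the domain's other rules are not visible here.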


@ -4,3 +4,4 @@ get_prop(system_server, vendor_persist_camera_prop)
get_prop(system_server, userspace_reboot_config_prop) get_prop(system_server, userspace_reboot_config_prop)
get_prop(system_server, userspace_reboot_exported_prop) get_prop(system_server, userspace_reboot_exported_prop)
get_prop(system_server, exported_camera_prop)


@ -5,3 +5,4 @@ allow { appdomain -isolated_app } adsprpcd_file:dir r_dir_perms;
allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms; allow { appdomain -isolated_app } public_adsprpcd_file:file r_file_perms;
get_prop(appdomain, exported_camera_prop) get_prop(appdomain, exported_camera_prop)
get_prop(appdomain, vendor_persist_camera_prop)
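Review bot: `get_prop(appdomain, vendor_persist_camera_prop)` makes every app domain — untrusted_app and isolated_app included — able to read the persist camera properties, whereas the `exported_camera_prop` rule above it is the conventional app-facing surface. If only one client needs these values, scope the rule to that domain, e.g. `get_prop(platform_app, vendor_persist_camera_prop)` or the camera HAL domain, and keep anything device- or calibration-specific out of an app-readable property. The property names behind vendor_persist_camera_prop are not visible in this hunk, so whether they are sensitive cannot be confirmed here.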

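--- a/sepolicy/vendor/fsck_untrusted.te
+++ b/sepolicy/vendor/fsck_untrusted.te
@@ -0,0 +1 @@
+allow fsck_untrusted sysfs:file { getattr };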


@ -8,3 +8,10 @@ set_prop(hal_audio_default, dirac_prop)
set_prop(hal_audio_default, vendor_audio_prop) set_prop(hal_audio_default, vendor_audio_prop)
get_prop(hal_audio_default, vendor_audio_prop) get_prop(hal_audio_default, vendor_audio_prop)
allow hal_audio_default audio_device:dir r_dir_perms;
allow hal_audio_default init:unix_stream_socket connectto;
allow hal_audio_default vendor_data_file:dir { create write add_name };
allow hal_audio_default vendor_data_file:file { append create getattr open read };
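Review bot: `allow hal_audio_default vendor_data_file:dir { create write add_name }` and the file rule below it write into the generic vendor_data_file type, so every vendor domain that can write /data/vendor can also read or replace whatever the audio HAL stores there; give the directory a dedicated type in file_contexts (e.g. `/data/vendor/audio(/.*)? u:object_r:vendor_audio_data_file:s0`) and grant the HAL `create_dir_perms` / `create_file_perms` on that type instead. The explicit `allow hal_audio_default init:unix_stream_socket connectto` is already produced by the `set_prop(hal_audio_default, …)` macros above it and can be dropped. The file's path is not shown on the page, so the rest of its rules are not visible here.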

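--- a/sepolicy/vendor/hal_dpmQmiMgr.te
+++ b/sepolicy/vendor/hal_dpmQmiMgr.te
@@ -0,0 +1 @@
+allow hal_dpmQmiMgr sysfs:file { open read };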


@ -0,0 +1,5 @@
allow hal_graphics_composer_default diag_device:chr_file { read };
allow hal_graphics_composer_default sysfs_graphics:file r_file_perms;
allow hal_graphics_composer_default sysfs:file rw_file_perms;
allow hal_graphics_composer_default sysfs_graphics:lnk_file read;
allow hal_graphics_composer_default self:netlink_kobject_uevent_socket { read };
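Review bot: `allow hal_graphics_composer_default sysfs:file rw_file_perms` grants write to every sysfs node that carries no more specific label, far wider than the display node the composer presumably needs; the path from the denial should get its own type via genfscon (e.g. `genfscon sysfs /class/graphics/<node> u:object_r:vendor_sysfs_graphics:s0`) with the write granted on that type only, leaving the generic sysfs rule read-only. The `sysfs_graphics` rules on the neighbouring lines show the labelled approach already in use. The hunk is a new file whose path is not shown on the page.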

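--- a/sepolicy/vendor/hal_imsrtp.te
+++ b/sepolicy/vendor/hal_imsrtp.te
@@ -0,0 +1 @@
+allow hal_imsrtp diag_device:chr_file { read };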


@ -1,5 +1,6 @@
allow hal_sensors_default audio_socket:sock_file rw_file_perms; allow hal_sensors_default audio_socket:sock_file rw_file_perms;
allow hal_sensors_default sysfs_info:file { read write }; allow hal_sensors_default sysfs_info:file { read write };
allow hal_sensors_default diag_device:chr_file { read };
unix_socket_connect(hal_sensors_default, audio, hal_audio_default) unix_socket_connect(hal_sensors_default, audio, hal_audio_default)
set_prop(hal_sensors_default, camera_prop) set_prop(hal_sensors_default, camera_prop)


@ -0,0 +1,2 @@
allow hal_vibrator_default sysfs_leds:file { read write open getattr };
allow hal_vibrator_default sysfs:file { write open read getattr };
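Review bot: `allow hal_vibrator_default sysfs:file { write open read getattr }` opens write on the catch-all sysfs type, while the line above shows the intended target already has the `sysfs_leds` label; if a vibrator node under /sys still hits the generic label, that is a labelling gap — add the missing `genfscon sysfs <path> u:object_r:sysfs_leds:s0` (or a dedicated vendor_sysfs_vibrator type) rather than allowing writes to all of sysfs. The second line can then be reduced to `{ open read getattr }` or removed. The hunk is a new file whose path is not shown on the page.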


@ -1 +1,2 @@
allow hvdcp vendor_sysfs_hvdcp:file r_file_perms; allow hvdcp vendor_sysfs_hvdcp:file r_file_perms;
allow hvdcp sysfs:file { open read };

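--- a/sepolicy/vendor/ims.te
+++ b/sepolicy/vendor/ims.te
@@ -0,0 +1,2 @@
+allow ims sysfs:file { open read };
+allow ims diag_device:chr_file { read };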
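Review bot: `allow ims diag_device:chr_file { read }` opens the Qualcomm diag interface to ims, and the same rule is added for hal_imsrtp, ipacm-diag, sensors, vendor_dpmd, netmgrd, hal_sensors_default and hal_graphics_composer_default elsewhere in this commit; if diag is only consulted for debug logging, wrap each of these in the `userdebug_or_eng` macro so user builds do not grant it. Whether ims needs diag in production cannot be determined from this page.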


@ -14,3 +14,9 @@ allow init {
allow init firmware_file:filesystem { getattr }; allow init firmware_file:filesystem { getattr };
allow init bt_firmware_file:filesystem { getattr }; allow init bt_firmware_file:filesystem { getattr };
allow init apex_metadata_file:lnk_file { read }; allow init apex_metadata_file:lnk_file { read };
# Vibrator
allow init sysfs_leds: file { rw_file_perms };
allow init sysfs:file { setattr };
allow init debugfs_tracing_debug:dir { mounton };
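Review bot: `allow init sysfs_leds: file { rw_file_perms };` is written differently from every other rule in this file — the space before `file` and the braces around an already-bracketed macro are both unnecessary — and should read `allow init sysfs_leds:file rw_file_perms;`. `allow init sysfs:file { setattr }` below it means an init.rc chown/chmod targets a node that only carries the generic sysfs label; label that node (presumably the vibrator node the comment refers to) so the setattr lands on a specific type instead of all of sysfs.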

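--- a/sepolicy/vendor/ipacm-diag.te
+++ b/sepolicy/vendor/ipacm-diag.te
@@ -0,0 +1 @@
+allow ipacm-diag diag_device:chr_file { read };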

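--- a/sepolicy/vendor/ipacm.te
+++ b/sepolicy/vendor/ipacm.te
@@ -0,0 +1 @@
+allow ipacm ipacm_socket:sock_file { write };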


@ -1 +1,8 @@
allow netmgrd init:unix_stream_socket { connectto };
allow netmgrd property_socket:sock_file { write };
allow netmgrd sysfs:file { open read };
allow netmgrd vendor_data_ko_prop:property_service { set };
allow netmgrd vendor_default_prop:property_service { set };
allow netmgrd diag_device:chr_file { read };
set_prop(netmgrd, vendor_radio_prop) set_prop(netmgrd, vendor_radio_prop)
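Review bot: `allow netmgrd vendor_default_prop:property_service { set }` lets netmgrd set every vendor property that has no dedicated label, and the `init:unix_stream_socket connectto` and `property_socket:sock_file write` lines above it are exactly what `set_prop()` already expands to; declare the property netmgrd actually sets in property_contexts with its own type and replace those lines with `set_prop(netmgrd, vendor_<name>_prop)`, as the existing `set_prop(netmgrd, vendor_radio_prop)` line does. `vendor_data_ko_prop` appears to be such a dedicated type already, so `set_prop(netmgrd, vendor_data_ko_prop)` is the form to use for it. The file's path is not shown on the page.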

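--- a/sepolicy/vendor/port-bridge.te
+++ b/sepolicy/vendor/port-bridge.te
@@ -0,0 +1 @@
+allow port-bridge sysfs:file { open read };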

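--- a/sepolicy/vendor/proc_net.te
+++ b/sepolicy/vendor/proc_net.te
@@ -0,0 +1 @@
+allow proc_net proc:filesystem { associate };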


@ -1,3 +1,8 @@
typeattribute qti_init_shell data_between_core_and_vendor_violators;
allow qti_init_shell vendor_radio_data_file:dir rw_dir_perms;;
allow qti_init_shell vendor_radio_data_file:file create_file_perms;
allow qti_init_shell system_data_file:dir rw_dir_perms;
allow qti_init_shell ctl_start_prop:property_service set; allow qti_init_shell ctl_start_prop:property_service set;
allow qti_init_shell ctl_stop_prop:property_service set; allow qti_init_shell ctl_stop_prop:property_service set;
allow qti_init_shell self:perf_event cpu; allow qti_init_shell self:perf_event cpu;
@ -9,4 +14,6 @@ allow qti_init_shell system_prop:property_service { set };
dontaudit qti_init_shell system_prop:property_service set; dontaudit qti_init_shell system_prop:property_service set;
dontaudit qti_init_shell self:capability { dac_override dac_read_search }; dontaudit qti_init_shell self:capability { dac_override dac_read_search };
set_prop(qti_init_shell, debug_prop);
set_prop(qti_init_shell, radio_prop);
get_prop(vendor_qti_init_shell, radio_control_prop) get_prop(vendor_qti_init_shell, radio_control_prop)
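Review bot: `allow qti_init_shell system_data_file:dir rw_dir_perms` together with the new `data_between_core_and_vendor_violators` attribute lets a vendor shell script create and remove entries directly in core /data directories; the attribute only exempts the domain from the Treble neverallow, it does not make the access safe, so the path should move under /data/vendor with its own label — as the two `vendor_radio_data_file` lines above already do — and this rule dropped. `set_prop(qti_init_shell, debug_prop)` and `set_prop(qti_init_shell, radio_prop)` likewise hand a shell domain control of whole core property classes; if one property is needed, label it individually. The doubled `;;` on the `vendor_radio_data_file:dir` line looks like a typo — drop the extra `;` (whether checkpolicy tolerates it is not visible here).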

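--- a/sepolicy/vendor/rmt_storage.te
+++ b/sepolicy/vendor/rmt_storage.te
@@ -0,0 +1 @@
+allow rmt_storage sysfs:file { open read };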

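--- a/sepolicy/vendor/sensors.te
+++ b/sepolicy/vendor/sensors.te
@@ -0,0 +1 @@
+allow sensors diag_device:chr_file { read };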

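--- a/sepolicy/vendor/vendor_dpmd.te
+++ b/sepolicy/vendor/vendor_dpmd.te
@@ -0,0 +1 @@
+allow vendor_dpmd diag_device:chr_file { read };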


@ -12,5 +12,6 @@ allow vendor_init proc:file w_file_perms;
get_prop(vendor_init, hal_fingerprint_prop) get_prop(vendor_init, hal_fingerprint_prop)
set_prop(vendor_init, camera_prop) set_prop(vendor_init, camera_prop)
set_prop(vendor_init, vendor_persist_camera_prop)
set_prop(vendor_init, vendor_freq_prop) set_prop(vendor_init, vendor_freq_prop)
set_prop(vendor_init, vendor_power_prop) set_prop(vendor_init, vendor_power_prop)

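--- a/sepolicy/vendor/vendor_per_mgr.te
+++ b/sepolicy/vendor/vendor_per_mgr.te
@@ -0,0 +1 @@
+allow vendor_per_mgr sysfs:file { open read };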


@ -1,2 +1,3 @@
allow vold sysfs_mmc_host:file write; allow vold sysfs_mmc_host:file write;
allow vold sysfs_mmc_host:file create_file_perms;
allow vold vendor_apex_file:file { getattr }; allow vold vendor_apex_file:file { getattr };
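Review bot: `allow vold sysfs_mmc_host:file create_file_perms` grants create, unlink, rename and setattr on a sysfs type where files cannot be created or removed, so most of the macro is dead weight and the rest is wider than needed; the denial was presumably for `setattr` or an open flag, so grant that explicitly and fold in the existing write line, e.g. `allow vold sysfs_mmc_host:file { rw_file_perms setattr };`. Check the denial's requested permission before settling on the set.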


@ -2,4 +2,4 @@ allow wcnss_service kmsg_device:chr_file w_file_perms;
allow wcnss_service proc_net:file r_file_perms; allow wcnss_service proc_net:file r_file_perms;
allow wcnss_service sysfs:file r_file_perms; allow wcnss_service sysfs:file r_file_perms;
allow wcnss_service sysfs_net:dir search; allow wcnss_service sysfs_net:dir search;
allow wcnss_service vendor_shell_exec:file x_file_perms; allow wcnss_service vendor_shell_exec:file { x_file_perms execute_no_trans };
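Review bot: adding `execute_no_trans` on `vendor_shell_exec` lets wcnss_service run a shell inside its own domain, so any script it invokes inherits the domain's kmsg_device write and sysfs access shown in the lines above; if a fixed script is being run, label it and use `domain_auto_trans()` into a dedicated domain instead. In current AOSP global_macros `x_file_perms` already contains `execute_no_trans`, in which case this edit is a no-op and the missing permission is more likely `open`/`read` — `rx_file_perms` would cover that; confirm against the denial's requested permission.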


@ -1,3 +1,4 @@
allow zygote exported_camera_prop:file { open read getattr write }; allow zygote exported_camera_prop:file { open read getattr write };
get_prop(zygote, exported_camera_prop) get_prop(zygote, exported_camera_prop)
allow zygote unlabeled:dir { search };
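Review bot: `allow zygote unlabeled:dir { search }` papers over a path that has no security context at all; on /data this usually means a directory created before its file_contexts entry existed or a restorecon that never ran, and granting zygote traversal of anything unlabeled extends that reach to every app it forks. Find the path in the denial, add its file_contexts entry (plus a `restorecon_recursive` in init.rc if the directory pre-dates the label), and drop this rule. Only three lines of the zygote file are visible on this page.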